Tuesday, July 17, 2012

Some PC users might feel that Apple customers have been a bit "uppity" about their OS, particularly with regard to security. Much of this comes from Apple itself, which has openly bragged about how the Mac OS is immune to viruses. Recent developments have served to tarnish this reputation, and it seems Mac users would be wise to sit up and pay attention to a world they might have blissfully ignored before: cybercrime.

While Macs have admittedly seen far fewer widespread cases of malware infection compared with Microsoft boxes, this is probably a result of the fact that there has been a wide discrepancy in ownership percentages between the two platforms and, therefore, less incentive to devote the time and resources necessary to fully exploit the lesser-used Macs. As the ownership gap closes, however, and Macs comprise a larger percentage of the computer marketplace, they are naturally becoming more appealing to cybercriminal exploiters.

Here are some of the attacks that have been successfully launched against Macs.

Flashback

Flashback made the headlines recently as it has reportedly infected upwards of 600,000 computers, most of which were located in the United States and Canada. The malware originally hit the wild as a fake update to the Adobe Flash plug-in (ironically, Apple founder Steve Jobs hated Flash). When users installed it, thinking they were simply upgrading their existing Adobe software, they were actually installing a Trojan with the potential to steal sensitive data off of the victim's Mac, such as passwords, bank account logins and more. Furthermore, the Trojan allowed hackers to take over their victims' computers for use in denial-of-service attacks and other schemes.

Flashback has since mutated into a Java-based exploit, which can be installed without the user's knowledge simply by visiting an infected webpage that invokes the exploit.

SabPub

This recent malware works as a downloader: software that connects to a "command and control" network from which it takes orders and initiates downloads from servers controlled by criminals. The effects are similar to Flashback, with data theft or control of the machine being the main goals.

As of this writing, the software appears to be in a beta or experimental phase, but as infections have been noted in China, which is notorious for having infected computers, expect it to spread and mutate into more damaging forms as time goes on.

Password changes

With the OS X Lion release, Apple left a password vulnerability wide open (since patched). Anyone with access to a machine was able to change the default password with a simple procedure using the Directory Services.

If a downloader exploit, as previously described, were to be installed, and one of the programs downloaded to the victim's Mac were a remote desktop interface, then a hacker could not only take control of the machine and steal everything on it, but could also lock the owner completely out of his or her own computer.

Scareware

Scareware, or programs which attempt to frighten users into downloading and installing software to protect against non-existent threats, has successfully infected Macs since at least 2008, with the release of MacSweeper. This rogue piece of scareware looked somewhat like the legitimate Mac Sweeper, but instead would "find" numerous problems which did not exist. It would then ask the mark to pay for the software in order to clean the "infection," which of course resulted in nothing but an emptier wallet for the victim.

Another, similar program was MacDefender, which was particularly troublesome as the developers would release new permutations as fast as Apple could defend against previous versions through patches. It was also extremely difficult to remove, as it hid itself by working without a dock icon.

The future

The Mac platform has an ironic problem in that one of the reasons it has resisted viruses is the fact that most software is installed via its official App Store. That is also the reason why antivirus programs have made few inroads into the Mac user base. The Apple App Store forbids automatic, continuous updates by a software program, which is something that just about every antivirus program depends upon to keep its signature file updated.

To Apple's credit, they are addressing the vulnerabilities by releasing a program called Gatekeeper this summer which will allow users to better regulate where their software is installed from, making "drive-by" websites, which infect visitors with hidden scripts, less dangerous, and strengthening the OS's security profile overall.

Regardless of the actions taken by Apple, Mac users should note that the climate has changed for them, and that they are now, more than ever, directly in the crosshairs of hackers. For them, it pays to follow the developments of this disturbing, evolving trend and do what is recommended by security experts to keep their systems protected.

About the author: When John Dayton isn’t busy covering LWG Expert Directory, he commits himself to the tech industry. Having written about tech for many years, John has developed a wealth of knowledge.
